[Samba4] Duplicate ntSecurityDescriptor during provisioning
Nadezhda Ivanova
nadezhda.ivanova at postpath.com
Wed Sep 23 11:46:05 MDT 2009
Hi,
I am not sure, we made quite some changes in the last week. There was one problem with the new module, duolicating sd values, but that was fixed, Can you try again today?
Regards,
Nadya
----- Original Message -----
From: Crístian Viana <cristiandeives at gmail.com>
To: Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
Cc: mat+Informatique.Samba at matws.net <mat+Informatique.Samba at matws.net>, dpal at redhat.com <dpal at redhat.com>, samba-technical at lists.samba.org <samba-technical at lists.samba.org>, abartlet at samba.org <abartlet at samba.org>
Sent: Wednesday, September 23, 2009 6:56:21 AM GMT-0800 America;Los_Angeles
Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during provisioning
hi Nadezhda,
I'm running "net vampire" from the latest git version and it fails with the following message:
libnet_BecomeDC() failed - LDAP_CONSTRAINT_VIOLATION
I remember a few days ago it worked, but now it didn't.
is this problem related to this thread's?
On Sat, Sep 19, 2009 at 2:59 PM, Nadezhda Ivanova <nadezhda.ivanova at postpath.com>wrote:
Hi Matthieu,
I am close to fixing it, just need to run a few tests.
----- Original Message -----
>From: Matthieu Patou <mat+Informatique.Samba at matws.net <mailto:mat%2BInformatique.Samba at matws.net> >
>To: Nadezhda Ivanova <nadezhda.ivanova at postpath.com>
>Cc: mdw at samba.org<mdw at samba.org>, dpal at redhat.com<dpal at redhat.com>, samba-technical at lists.samba.org<samba-technical at lists.samba.org>, abartlet at samba.org<abartlet at samba.org>
>Sent: Saturday, September 19, 2009 3:29:34 AM GMT-0800 America;Los_Angeles
>Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during provisioning
>>Hello Nadya,
>I also have the same problem of duplicate descriptor on the default
>domain policy even for a default provisionning with a ldb backend.
>
>Matthieu
>
>On 09/18/2009 10:23 AM, Nadezhda Ivanova wrote:
>>Hi again,
>>I am pretty sure the problem is that instead of replacing the
>existing value, descriptor_do_add adds another one. I think I fixed
>the problem by removing the old value first. Its very late here and I
>cannot submit the patch tonight. If you cant wait, try removing the
>attribute from the incoming message and adding an empty value instead,
>like the objectclass module does with the objectClass. Sorry about
>that, it did not show with the default backend.
>>
>>Regards,
>>Nadya
>>----- Original Message -----
>>>From:
>samba-technical-bounces at lists.samba.org<samba-technical-bounces at lists.s
>amba.org <http://amba.org> >
>>>To: mdw at samba.org<mdw at samba.org>, Nadezhda
>Ivanova<nadezhda.ivanova at postpath.com>
>>>Cc: dpal at redhat.com<dpal at redhat.com>,
>samba-technical at lists.samba.org<samba-technical at lists.samba.org>,
>abartlet at samba.org<abartlet at samba.org>
>>>Sent: Friday, September 18, 2009 8:47:19 AM GMT+0200 Europe;Athens
>>>Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during
>provisioning
>>
>>>>Hi all,
>>>I think I know the cause of it, and it will be fixed in my next
>commit
>>>tomorrow.
>>>
>>>Regards,
>>>Nadya
>>>----- Original Message -----
>>>>From: Matthias Dieter Wallnöfer<mdw at samba.org>
>>>>To: Nadezhda Ivanova<nadezhda.ivanova at postpath.com>
>>>>Cc: abartlet at samba.org<abartlet at samba.org>, edewata at redhat.com
>>><edewata at redhat.com>, dpal at redhat.com<dpal at redhat.com>,
>>>samba-technical at lists.samba.org<samba-technical at lists.samba.org>
>>>>Sent: Friday, September 18, 2009 1:50:36 AM GMT+0200 Europe;Athens
>>>>Subject: Re: [Samba4] Duplicate ntSecurityDescriptor during
>>>provisioning
>>>
>>>>>Hi all together,
>>>>
>>>>yeah, this problem needs tracking. I also suffer from it (I think
>>>you
>>>>all too): consider the group policy objects under
>>>>"CN=Policies,CN=System,<domain-DN>". One is the security
>descriptor
>>>>added by the "provision_group_policy.ldif" file, therefore this
>>>should
>>>>
>>>>be the right one, and the other seems to be added (I don't exactly
>>>>know
>>>>- but I imagine) by the new module.
>>>>
>>>>Matthias
>>>>
>>>>Nadezhda Ivanova schrieb:
>>>>>Hi,
>>>>>Are you using alpha8 or the current master? It could be related
>to
>>>a
>>>>patch regarding security descriptors that we pushed Monday
>evening.
>>>>>
>>>>>Regards,
>>>>>Nadya
>>>>>----- Original Message -----
>>>>>
>>>>>>From: samba-technical-bounces at lists.samba.org
>>>><samba-technical-bounces at lists.samba.org>
>>>>>>To: Andrew Bartlett<abartlet at samba.org>, Endi Sukma Dewata
>>>><edewata at redhat.com>
>>>>>>Cc: Dmitri Pal<dpal at redhat.com>, samba-technical at lists.samba.org
>>>
>>>><samba-technical at lists.samba.org>
>>>>>>Sent: Wednesday, September 16, 2009 3:38:59 PM GMT-0800
>>>>America;Los_Angeles
>>>>>>Subject: [Samba4] Duplicate ntSecurityDescriptor during
>>>>provisioning
>>>>>>
>>>>>
>>>>>
>>>>>>>Andrew,
>>>>>>>
>>>>>>I'm trying to run the test against OpenLDAP to verify my
>>>>environment
>>>>>>before testing FDS again. I found that the provisioning script
>>>>failed
>>>>>>to load the first entry in provision_group_policy.ldif. Here is
>>>the
>>>>
>>>>>>error message:
>>>>>>
>>>>>>_ldb.LdbError: (19, 'LDAP error 19 LDAP_CONSTRAINT_VIOLATION -
>>>>>><nTSecurityDescriptor: multiple values provided> <>')
>>>>>>
>>>>>>In the LDIF file the entry only has 1 nTSecurityDescriptor value,
>
>>>
>>>>but
>>>>>>when I check the attribute in ildap_add() it actually has 2
>>>values.
>>>>>>
>>>>>>Do you have any idea? Thanks.
>>>>>>
>>>>>>--
>>>>>>Endi S. Dewata
>>>>>>
>>>>>
>>>>>
--
Crístian Deives dos Santos Viana [aka CD1]
Sent from Campinas, SP, Brazil
More information about the samba-technical
mailing list